We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time.
The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately.
CTO at a computer software company with 11-50 employees
Real User
2020-12-15T15:36:41Z
Dec 15, 2020
The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.
Software Composition Analysis (SCA) is a crucial process that helps organizations identify, assess, and manage open source components within their software applications. With SCA tools, businesses can achieve several benefits, including identifying open source components, assessing security risks, ensuring compliance with licenses, and enhancing overall software quality.
The UI is the solution's most valuable feature since it allows for easy pipeline integration.
We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time.
The solution is stable.
The solution is very good at scanning and evaluating open source software.
The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately.
It is able to drill down to the source level.
Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.
The installation is very easy.
The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.
The most valuable feature is the vulnerability scanning, and that it's easy to use.
The solution works well on Mac products.
The stability is okay.
I like the fact that the product auto analyzes components.
It highlights what the developers have done, and it shows the impact from an intellectual property point of view.